[IP forwarding] Need more information

Greetings !!

I use two Ethernet interfaces on this computer, which I wanted to use as a gateway to serve two distinct networks.

The first on eth0 to serve 10.10.100.0
The second on eth1 to serve 192.168.1.0

I configured the DHCP server to give correct addresses to the clients on each segment of the network: those connected to the hub that joins the eth0 interface are receiving 10.10.100.x addresses and those connected to the hub connected to eth1 are receiving 192.168.1.x addresses.

I activated IP forwarding for both interfaces, but each time I try to ping a client on the 10.10.100.0 network from the 192.168.1.0 network there is no response.

As I can ping clients on both networks from the “gateway”, I suppose that IP forwarding is not well configured: there is no rule to route packets from eth0 to eth1.

I have a very basic knowledge of iptables, so I used iptables -L and started to decipher the different rules at the console, but nothing indicated that the packets were blocked nor that they were routed.

In the output of my route -n command I read that the default gateways are set for both interfaces.

route add -net 10.10.100.0 netmask 255.255.255.0 gw 10.10.100.1 eth0 

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 eth1

or

route add default gw 10.10.100.1 eth0
route add default gw 192.168.1.1 eth1

produce the same behaviour: none of the ICMP packets from the 10.10.100.0 network reach the 192.168.1.0 network.

Must I explicitly add an iptables rule to route all packets from eth0 to eth1 and the reverse, or is there something I missed somewhere?

Thank you in advance!
Hurukan

To begin with, you can have one and only one default gateway on a system. That is what the word ‘default’ means.

When a packet has to go to a destination (IP address), the routing table is used to find out if there is any route for a network that the IP address belongs to. When no such route is found, the packet is sent to the gateway mentioned in the default route. In your case that default gateway could be on your 10.10.100.0/24 network or on your 192.168.1.0/24 network.

When you have two route statements setting the default route like:

route add default gw 10.10.100.1 eth0
route add default gw 192.168.1.1 eth1

the last one will simply overwrite the first, because there cannot be two hands on a signpost showing “Exit” in two different directions (if I may use a metaphor). Use

route -n

to see which routes are active at the moment. The one with mask 0.0.0.0 is the default route.

Also, mentioning the interface in those route statements is not needed, because the system very well knows which interface is connected to which network.

Hope this will give you a better idea about default routes and thus a better insight in your problems.
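The lookup described in the reply above, as an added example that is not part of the thread: a small POSIX shell script that emulates the kernel's route selection over a constructed `route -n` table for the gateway discussed here. The table is made up for the example (the default gateway address 10.10.100.254 is an assumed value, not taken from any post); the selection logic is the real one: every row whose network contains the destination is a candidate, the longest netmask wins, and the row with Genmask 0.0.0.0 contains every address, so it is used only when nothing more specific matches. That is also why a table can only have one meaningful default route.

```shell
#!/bin/sh
# Added example: emulate the routing-table lookup described in the reply.
# Constructed `route -n` output for the gateway in the thread; the default
# gateway address 10.10.100.254 is an assumption, not taken from the posts.
ROUTE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.100.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         10.10.100.254   0.0.0.0         UG    0      0        0 eth0'

# Dotted quad -> 32-bit integer, so "is this address in that network" becomes
# a mask-and-compare, exactly as the kernel does it.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Route selection: of all rows whose network contains the destination, take the
# one with the longest netmask (numerically the largest). The Genmask 0.0.0.0
# row matches every address, so it is chosen only when no other row matches.
# Prints "<gateway> <iface>"; a gateway of 0.0.0.0 means directly connected.
lookup() {
    dst=$(ip2int "$1")
    best_mask=-1 best_gw= best_if=
    while read -r net gw mask flags rest; do
        case $net in *[!0-9.]*|"") continue ;; esac   # skip the header lines
        m=$(ip2int "$mask")
        if [ $(( dst & m )) -eq "$(ip2int "$net")" ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m best_gw=$gw best_if=${rest##* }
        fi
    done <<EOF
$ROUTE_TABLE
EOF
    [ -n "$best_if" ] || return 1
    echo "$best_gw $best_if"
}

# A sane table has exactly one Genmask 0.0.0.0 row: that is the default route.
count_default() {
    n=0
    while read -r net gw mask rest; do
        if [ "$mask" = "0.0.0.0" ]; then n=$((n + 1)); fi
    done <<EOF
$ROUTE_TABLE
EOF
    echo "$n"
}

# Examples:
#   lookup 10.10.100.7   -> 0.0.0.0 eth0        (local network, delivered directly)
#   lookup 192.168.1.20  -> 0.0.0.0 eth1
#   lookup 8.8.8.8       -> 10.10.100.254 eth0  (no network route, default used)
#   count_default        -> 1
```

Run `lookup` with an address from each segment and with an outside address to see the three cases: the two connected networks are reached directly on eth0 and eth1, and anything else falls through to the single default route. On the real box, compare with `route -n` and check that exactly one row has Genmask 0.0.0.0.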

Thanks. I had no time to work on this since my last post, and today I took time to check what was wrong with the routing.

I use VMware to do tests, and now I’m happy: it works, but on the condition that the firewall is stopped (!).

The first step was to enable IP forwarding, but there I was too confident in the GUI for setting up the interfaces with YaST… when you tick the checkbox in the routing tab of Network Settings you still have to check at the command line; I lost two hours in this case because ip_forwarding wasn’t set to 1…

And this is not the only “side effect” I was confronted with… and I didn’t know that before I dug in and discovered it…

When shutting down the SuSE firewall, all the “forward” settings are switched off (0)!!
And you have to check that /proc/sys/net/ipv4/conf/<your interface involved in the routing>/forwarding contains a 1, otherwise there is no routing at all!!

Now I can route IP packets from one network to another (in host-only or VLAN mode).

The DHCP server gives IP addresses to two different segments (here 101.10.100.0 and 100.10.100.0) and, strangely, even if there is no VLAN, the two client machines that I used for the tests obtained addresses from each segment without my specifying which interface those clients were going to be connected to… there is no gateway address to specify when “obtain an IP address automatically” is checked under Windows XP.
But each time I rebooted the two clients, one was on the first segment (talking with the 100.10.100.1 gateway) and the second was on the second segment (talking with the 101.10.100.1 gateway). It is clearer using VLANs: I checked client001 for VLAN1 talking with the VLAN1 interface on the router, and VLAN2 for client002 talking with the VLAN2 interface on the router.

That was a nice surprise; I feared this wouldn’t work with host-only settings.

I really need to know how iptables works, because when the firewall is on I get “Destination port unreachable” from the gateway… all I have to do, but I don’t know how, is to tell the firewall to accept all requests from the networks that are supposed to be “friends”…

I don’t know which “chains” would be appropriate?

FORWARD ?
input_ext ?
forward_ext ?

I need to check the iptables documentation and study it more than the fly-over I did until today; free time is the key, so… thanks for your help
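Putting the two findings of this last post together, as an added example that is not from the thread: the shell script below checks the global ip_forward switch and the per-interface forwarding flags the poster found reset to 0, and emits plain iptables rules that let the two segments talk. Routed packets traverse only the FORWARD chain, never INPUT or OUTPUT, so FORWARD is the chain to open; input_ext and forward_ext are chains the SuSEfirewall2 front-end generates, and since it rebuilds its tables when restarted, rules added by hand do not survive and the front-end's own configuration (from memory of that tool, FW_ROUTE and FW_FORWARD in /etc/sysconfig/SuSEfirewall2; verify against the comments in that file) is the durable place for them. An ICMP “destination port unreachable” sent by the gateway itself is the default reply of the iptables REJECT target, which fits a REJECT rule in the forward path. The interface names and networks are the thread's; the function names, PROC and DRY_RUN are mine, and with DRY_RUN=1 (the default) the privileged commands are printed instead of executed.

```shell
#!/bin/sh
# Added example: verify forwarding flags and open the FORWARD chain between the
# two segments of the thread. Run as root with DRY_RUN=0 to apply; with the
# default DRY_RUN=1 the privileged commands are printed instead of executed.
INT_A=eth0; NET_A=10.10.100.0/24
INT_B=eth1; NET_B=192.168.1.0/24
PROC=${PROC:-/proc}        # root of the proc tree (overridable for testing)
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Both the global switch and each interface's own flag must read 1; the poster
# saw the per-interface flags go to 0 when the SuSE firewall was stopped.
# Prints the first setting that is off and returns 1, or reports success.
check_forwarding() {
    for f in "$PROC/sys/net/ipv4/ip_forward" \
             "$PROC/sys/net/ipv4/conf/$INT_A/forwarding" \
             "$PROC/sys/net/ipv4/conf/$INT_B/forwarding"; do
        if [ "$(cat "$f" 2>/dev/null)" != 1 ]; then
            echo "forwarding off: $f"
            return 1
        fi
    done
    echo "forwarding on for $INT_A and $INT_B"
}

enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$INT_A.forwarding=1"
    run sysctl -w "net.ipv4.conf.$INT_B.forwarding=1"
}

# Routed packets traverse FORWARD only (never INPUT/OUTPUT). Matching on the
# interface pair AND the network pair means a host on eth1 that spoofs a
# 10.10.100.x source address is not forwarded. The three ACCEPTs are inserted
# at the top so they win over any REJECT a firewall front-end already put in
# the chain; the LOG+DROP tail catches anything else if the policy is ACCEPT.
forward_rules() {
    run iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -I FORWARD 2 -i "$INT_A" -o "$INT_B" -s "$NET_A" -d "$NET_B" -j ACCEPT
    run iptables -I FORWARD 3 -i "$INT_B" -o "$INT_A" -s "$NET_B" -d "$NET_A" -j ACCEPT
    run iptables -A FORWARD -j LOG --log-prefix "FWD-DROP "
    run iptables -A FORWARD -j DROP
}

# Usage (as root, DRY_RUN=0 to apply):
#   check_forwarding || enable_forwarding
#   forward_rules
```

Run `check_forwarding` again after every firewall start or stop: the poster's observation was precisely that the per-interface flags are reset behind your back, and the gateway silently stops routing with no iptables rule to show for it.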